-1

I was under the impression that phpseclib didn't need openssl however when I try the following code...

$rsa = new Crypt_RSA();
$key = $rsa->createKey();

I get the following error as IF it is using openssl functions. Sort of confused.

Warning: openssl_pkey_export(): cannot get key from parameter 1 in /RSA.php on line 509  

Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in /RSA.php on line 510  

Warning: array_values() expects parameter 1 to be /RSA.php on line 513  

Warning: call_user_func_array() expects parameter 2 to be array, null given in /RSA.php on line 513  

Warning: array_values() expects parameter 1 to be array, boolean given in /RSA.php on line 514

Warning: call_user_func_array() expects parameter 2 to be array, null given in /RSA.php on line 514
Xenland
  • 510
  • 1
  • 6
  • 19
  • The installation has a `openssl.cnf` file so it appears it may need OpenSSL. Where did you read that it didn't? – kittycat Mar 16 '13 at 00:26
  • The website claims the following " It works on PHP4+ [...] and doesn't require any extensions" http://phpseclib.sourceforge.net/ – Xenland Mar 16 '13 at 01:07
  • if it does require openssl, I've been trying to find a quick method of installing php with openssl on Ubuntu 12. I'm scared that compiling php with openssl will be easy but I don't know how easy it is to integrate into apache2 doing manual compile install. any helpful resources would help (if openssl) is required. – Xenland Mar 16 '13 at 01:09
  • The website says: "phpseclib is designed to be ultra-compatible. It works on PHP4+ (PHP4, assuming the use of PHP_Compat) and doesn't require any extensions. *For purposes of speed, mcrypt is used if it's available as is gmp or bcmath (in that order), but they are not required.*" And I think mcrypt in turn may use openssl, at least for random number generation, when it is available. – Maarten Bodewes Mar 16 '13 at 14:28
  • 1
    You already have OpenSSL installed. If you didn't the `openssl_pkey_export` function wouldn't even exist but it does. I think the problem is that you don't have an openssl.cnf present where phpseclib is expecting one. See my answer for more info. – neubert Mar 16 '13 at 18:01

1 Answers1

0

phpseclib uses OpenSSL if it's available but it's not required.

Short Term Fix

Do define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); at the top.

Long Term Fix

It'd be interesting to see what this would do for you:

#
#-----[ OPEN ]------------------------------------------
#
Crypt/RSA.php
#
#-----[ FIND ]------------------------------------------
#
            $rsa = openssl_pkey_new(array(
                'private_key_bits' => $bits,
                'config' => dirname(__FILE__) . '/../openssl.cnf'
            ));
#
#-----[ AFTER, ADD ]------------------------------------
#
echo dirname(__FILE__) . "/../openssl.cnf\r\n";
echo file_exists(dirname(__FILE__) . '/../openssl.cnf') ? "exists\r\n" : "doesn't exist\r\n";

That won't fix the problem but it'll give us some clue as to what the problem is. In particular, what I'm thinking the problem is is this:

https://github.com/phpseclib/phpseclib/blob/0.3.1/phpseclib/Crypt/RSA.php#L503

phpseclib checks to see if the OpenSSL extension is defined when defining CRYPT_RSA_MODE_OPENSSL but doesn't check to see if openssl.cnf exists when it's being used. Probably an oversight on the developers part and if that's what's causing your issue then the permanent long term fix would be to get phpseclib to check for that files existence.

neubert
  • 15,947
  • 24
  • 120
  • 212
  • 1
    What was the output? Like I said in my post "that won't fix the problem" but "it'll give us some clue as to what the problem is". – neubert Mar 20 '13 at 05:26
  • I did the addition and executed the RSA.php file and got nothing? should i have included it instead and ran the command? (I'm about to try the short term solution) – Xenland Mar 20 '13 at 23:33
  • 1
    oh wait I just got this on another page now: /backend/phpseclib0.3.1/../openssl.cnf doesn't exist – Xenland Mar 20 '13 at 23:33
  • That's what I was thinking you'd get. Do the short term fix and I'll submit a pull request to the author. It's like a one line fix. Thanks for getting back to me! – neubert Mar 21 '13 at 00:04
  • The latest commit should fix this. Thanks for the heads up!: https://github.com/phpseclib/phpseclib/commit/11a6b1a1afdb16370c6de2050fd139a6f0bb5abd#phpseclib/Crypt/RSA.php – neubert Mar 21 '13 at 15:53
  • Great commit! I might also mention I was forced to put my RSA.php file inside the phpseclibx.x.x folder as it wasn’t properly loading the require_once() files. As a result instead of using your short term answer I've deleted the ".../" part when loading the openssl.cnf and it seem to work now as it just loads it in the same folder. I'll be push a commit as well so that the RSA.php will work more correctly in conjunction with your commit. This was fun :D – Xenland Mar 21 '13 at 16:01